- Cybercriminals were found running a payment skimmer to steal customers’ personal and financial data from the website.
- The stolen data was sent to a specific server located in the city of Irkutsk, Russia.
Media giant ABS-CBN suffered a data breach that resulted in cybercriminals stealing sensitive data and sending it to a Russian server. According to Dutch security researcher Willem ‘gwillem’ De Groot, who uncovered the breach, cybecriminals were running a payment skimmer to steal customers’ personal and financial data from the media giant’s website.
The attack is believed to have begun in August 16, 2018. The stolen data was sent to a specific server located in the city of Irkutsk, Russia.
“The stolen data is sent onwards to a server registered in Irkutsk, Russia. The credit cards and identities are then (presumably) sold on the black market. "Personal information and credit cards are intercepted while people shop for [merchandise] for one of the 90+ television shows,” said De Groot in a blog.
In a press release, ABS-CBN stated that the data breach is isolated only to the ABS-CBN store and the UAAP store websites. The media giant also said that none of its digital properties were affected by the breach.
The personal information and credit card details of customers may have been compromised in the hack. ABS-CBN said that 213 customers have likely been affected by the breach. The scale of the attack is yet to be confirmed as the firm is still investigating the incident.
The media firm has informed the National Privacy Commission about the breach. As a part of the data breach notification law, the company has also started to notify the affected customers. The firm has requested customers not to share their personal information with anyone that pretends to be an ABS-CBN representative.
“We have informed the National Privacy Commission and will be working closely with them.
We have started reaching out to all our affected customers. We also advise our customers not to give out additional personal and financial information to anyone who may be claiming to be an ABS-CBN representative," said the company in a statement.